CX320 Switch Module V100R001 Command Reference 14
ip ip-prefix
Function
The ip ip-prefix command creates an IPv4 prefix list or an entry in an IPv4 prefix list.
The undo ip ip-prefix command deletes an IPv4 prefix list or an entry from an IPv4 prefix list.
By default, no IPv4 prefix list is created.
Format
ip ip-prefix ip-prefix-name [ index index-number ] { permit | deny } ipv4-address mask-length [ match-network ] [ greater-equal greater-equal-value ] [ less-equal less-equal-value ]
undo ip ip-prefix ip-prefix-name [ index index-number ]
ip ip-prefix ip-prefix-name description text
undo ip ip-prefix ip-prefix-name description [ text ]
Parameters
| Parameter | Description | Value |
|---|---|---|
| ip-prefix-name | Specifies the name of an IPv4 prefix list. | The name is a string of 1 to 169 case-sensitive characters, with spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string. |
| index index-number | Specifies the sequence number of an entry in the IPv4 prefix list. | The value is an integer that ranges from 1 to 4294967295. By default, the sequence number increases
by 10 according to the configuration order, and the first sequence
number is 10. NOTE:
A maximum of 100000 entries can be configured in an IP prefix list. |
| permit | Specifies the matching mode of the IP prefix list as permit. In permit mode, if the IP address to be filtered is within the defined prefix range, the IP address matches the routing policy and does not continue to match the next entry. Otherwise, the IP address continues to match the next entry. | - |
| deny | Specifies the matching mode of the IP prefix list as deny. In deny mode, if the IP address to be filtered is within the defined prefix range, the IP address fails to match the routing policy and cannot match the next entry. Otherwise, the IP address continues to match the next entry. | - |
| ipv4-address | Specifies an IP address. | The value is in dotted decimal notation. |
| mask-length | Specifies the mask length. | The value is an integer that ranges from 0 to 32. |
| match-network | Matches the network address. match-network is used to filter routes to a specified IP address and can be configured only when ipv4-address is 0.0.0.0. For example, the ip ip-prefix prefix1 permit 0.0.0.0 8 command filters all routes with mask length 8, while the ip ip-prefix prefix1 permit 0.0.0.0 8 match-network command filters all routes to the IP address range from 0.0.0.1 to 0.255.255.255. | - |
| greater-equal greater-equal-value | Specifies the lower threshold of the mask length. If greater-equal greater-equal-value and less-equal less-equal-value are not specified, the value of mask-length is the mask length. | greater-equal-value must meet the following requirement: mask-length ≤ greater-equal-value ≤ less-equal-value ≤ 32. If greater-equal is configured, the mask ranges from greater-equal-value to 32. |
| less-equal less-equal-value | Specifies the upper threshold of the mask length. If greater-equal greater-equal-value and less-equal less-equal-value are not specified, the value of mask-length is the mask length. | less-equal-value must meet the following requirement: mask-length ≤ greater-equal-value ≤ less-equal-value ≤ 32. If less-equal is configured, the mask ranges from mask-length to less-equal-value. |
| description text | Specifies the description of the IP prefix list. | The value is a string of 1 to 80 case-sensitive characters without spaces. |
Usage Guidelines
Usage Scenario
- The ip ip-prefix command can be used together
with the following commands to filter routing information to be advertised
globally based on an IP prefix list:
- filter-policy export (RIP)
- filter-policy export (OSPF)
- filter-policy export (IS-IS)
- filter-policy export (BGP)
- The ip ip-prefix command can be used together
with the following commands to filter routing information to be accepted
globally based on an IP prefix list:
- filter-policy import (RIP)
- filter-policy import (OSPF)
- filter-policy import (IS-IS)
- filter-policy import (BGP)
- The ip ip-prefix command can be used together with the following commands to configure
a route filtering policy based on an IP prefix list for a specific
peer:
- peer ip-prefix (BGP)
- The import-route isis level-1 into level-2 filter-policy ip-prefix ip-prefix-name [ tag tag ] command configures route leak from an IS-IS Level-1 area to a Level-2 area based on an IP prefix list.
- The import-route isis level-2 into level-1 filter-policy ip-prefix ip-prefix-name [ tag tag ] command configures route leak from an IS-IS Level-2 area to a Level-1 area based on an IP prefix list.
- The ip ip-prefix command and the if-match ip-prefix command can be used together to test received or sent routes based on an IP prefix list.
An IP prefix list can contain multiple entries with each entry specifying an IP prefix range. The relationship between the entries is "OR". That is, if a route matches one entry, the route matches the IP prefix list; if a route does not match any entry, the route fails to match the IP prefix list.
An IP prefix range is determined by mask-length and [greater-equal-value, less-equal-value]. If mask-length and [greater-equal-value, less-equal-value] are specified, an IP address must match the specified prefix range.
When the value of ipv4-address is 0.0.0.0, a wildcard address, all routes within the mask length range are permitted or denied no matter what value the mask length is specified as.
Single-Node Matching
Case 1:
ip ip-prefix aa index 10 permit 10.1.1.0 24
Matching result: The route 10.1.1.0/24 is permitted, and the other routes are denied.
Note: This is a single-node accurate matching case, which indicates that only the route whose destination IP address and mask are the same as those specified by the IP prefix meets the matching conditions. In this case, permit is configured as the matching mode. Therefore, the route 10.1.1.0/24 is permitted, and the other routes are denied because they do not meet the matching conditions.
Case 2:
ip ip-prefix aa index 10 deny 10.1.1.0 24
Matching result: All routes are denied.
Note: This is also a single-node accurate matching case, which indicates that only the route whose destination IP address and mask are the same as those specified by the IP prefix meets the matching conditions. In this case, deny is configured as the matching mode. Therefore, all routes are denied, regardless of whether they meet the matching conditions.
Multi-Node Matching
Case 1:
ip ip-prefix aa index 10 deny 10.1.1.0 24 ip ip-prefix aa index 20 permit 10.1.1.1 32
Matching result: The route 10.1.1.0/24 is denied; the route 10.1.1.1/32 is permitted; the other routes are denied.
Note: This is a multi-node accurate matching case.- When the route 10.1.1.0/24 is matching node 10 (node with the index 10), it meets the matching conditions but is denied because the matching mode is deny.
- When the route 10.1.1.1/32 is matching node 10, it does not meet the matching conditions and continues to match node 20 (node with the index 20). Because this route matches the matching conditions of node 20, and the matching mode of node 20 is permit, this route is permitted.
- Other routes do not meet the matching conditions of nodes 10 and 20, and these routes are denied by default.
Case 2:
ip ip-prefix aa index 10 permit 10.1.1.0 24 less-equal 32
Configuration result: greater-equal-value is 24, and less-equal-value is 32.
Matching result: The routes 10.1.1.0/24, 10.1.1.1/32, and 10.1.1.0/26 are permitted, and the other routes are denied.
When configuring greater-equal and less-equal, ensure that their values meet the requirement: mask-length ≤ greater-equal-value ≤ less-equal-value. Otherwise, the configuration fails.
Case 3:
ip ip-prefix aa index 10 permit 10.1.1.0 24 greater-equal 26
Configuration result: greater-equal-value is 26, and less-equal-value is 32.
Matching result: The routes 10.1.1.1/32 and 10.1.1.0/26 are permitted, and the other routes are denied.
Case 4:
ip ip-prefix aa index 10 permit 10.1.1.0 24 greater-equal 26 less-equal 32
Configuration result: greater-equal-value is 26, and less-equal-value is 32.
Matching result: The routes 10.1.1.1/32 and 10.1.1.0/26 are permitted, and the other routes are denied.
Wildcard-Address Matching
Case 1:
ip ip-prefix aa index 10 permit 0.0.0.0 8 less-equal 32
Configuration result: greater-equal-value is 8, and less-equal-value is 32. Because the address 0.0.0.0 is a wildcard address, routes with the mask length ranging from 8 to 32 bits meet the matching conditions.
Matching result: Routes with the mask length ranging from 8 to 32 bits are all permitted.
Case 2:
ip ip-prefix aa index 10 deny 0.0.0.0 24 less-equal 32 ip ip-prefix aa index 20 permit 0.0.0.0 0 less-equal 32
Configuration result: For node 10, greater-equal-value is 24, and less-equal-value is 32. Because the address 0.0.0.0 is a wildcard address, routes with the mask length ranging from 24 to 32 bits are all denied. For node 20, greater-equal-value is 0, and less-equal-value is 32. Because the address 0.0.0.0 is a wildcard address, all routes except the routes with the mask length ranging from 24 to 32 bits are permitted.
Matching result: The route 10.1.0.0/16 is permitted, and the other routes are denied.
Case 3:
ip ip-prefix aa index 10 deny 10.2.2.0 24 ip ip-prefix aa index 20 permit 0.0.0.0 0 less-equal 32
Configuration result: For node 10, the route 10.2.2.0/24, which meets the matching conditions, is denied. For node 20, the other routes are all permitted.
Matching result: All routes except the route 10.2.2.0/24 are permitted.